RV Sharma
2 min read · Dec 20, 2022


In this article, I’ll tell you how I got a 4-digit (₹) bounty from an Indian company. One day, I was reading about broken links and tested some sites. On one site, I found 2 broken links: one a Google Play Store link and the other a Google Drive link. At that time, I didn’t know how a broken Google Play link could pose a security risk. With research on the internet, I was able to show its impact. Here you can learn too.

What is Broken Link Hijacking?
Broken Link Hijacking (BLH) exists whenever a target links to an expired domain or page. Broken Link Hijacking comes in two forms, reflected and stored.
Issue:

Broken Link

It is a link on the webpage https://www.test.com/faq/ that points to the Google Play Store and returns status 404 (not found).

Google Play Store link

Play Store links are unique and correspond to the package name of an app. I was able to adopt the same link too.

Steps To Reproduce:

These are the steps I undertook to reproduce the issue on that vulnerable site:

1) Visit the page https://www.test.com/faq/
2) Click on "Are you Unable to download?". Its answer will open.

3) Click on the Android app link --> http://bit.ly/testdotcom
4) The link then led to a status 404 page:

https://play.google.com/store/apps/details?id=com.test123

5) Since the app name was not present in the Google Play App Store, someone can simply take over this name. I checked if the name was still free, and since it was free, I registered it.

Impact:
A victim can reach the page, e.g. through link forwarding, search engines or phishing emails. If the victim then wants to download the app, they follow the broken link, and an attacker who has taken over the app name can load a corrupt app into the app store under it. This could damage the reputation of your company or be used to phish for login data.
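
Site owners can check their own pages for this condition. The following is an added example, not code from the original post: it collects the outbound links on a page, follows redirects such as the shortener in step 3, and reports every link that ends in a 404, extracting the Play Store package id when there is one. The sample HTML and canned responses are constructed from the post's placeholder URLs, and `audit_page` and `http_resolve` are hypothetical names.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs
import urllib.request
import urllib.error

class _Hrefs(HTMLParser):
    """Collect absolute http(s) link targets from <a> tags."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href and href.startswith(("http://", "https://")):
            self.hrefs.append(href)

def http_resolve(url, timeout=10):
    """Follow redirects (e.g. a URL shortener); return (final_url, status)."""
    req = urllib.request.Request(url, headers={"User-Agent": "link-audit"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.geturl(), resp.status
    except urllib.error.HTTPError as err:
        return err.url, err.code

def audit_page(html, resolve=http_resolve):
    """Return one finding per outbound link on the page that ends in a 404."""
    parser = _Hrefs()
    parser.feed(html)
    findings = []
    for href in parser.hrefs:
        final_url, status = resolve(href)
        if status != 404:
            continue
        parts = urlparse(final_url)
        package = None  # set only when the dead target is a Play Store listing
        if parts.hostname == "play.google.com" and parts.path == "/store/apps/details":
            package = parse_qs(parts.query).get("id", [None])[0]
        findings.append({"href": href, "final_url": final_url, "package": package})
    return findings

# Constructed sample: FAQ markup and canned responses modelled on the post's URLs.
SAMPLE_HTML = '''<h3>Are you unable to download?</h3>
<p><a href="http://bit.ly/testdotcom">Android app</a>
<a href="https://www.test.com/help">Help</a></p>'''
CANNED = {
    "http://bit.ly/testdotcom":
        ("https://play.google.com/store/apps/details?id=com.test123", 404),
    "https://www.test.com/help": ("https://www.test.com/help", 200),
}

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_HTML, resolve=lambda u: CANNED[u]):
        print(finding)
```

A finding with a non-empty `package` means the page links to a store listing that does not exist; the fix is to remove or correct the link, or to publish the app under that package name yourself.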

Thank You.
